 public function indexAction()
 {
     // Login page. Renders the login form and, on POST, validates it. The
     // sign-in itself is performed inside the form validators (see the
     // workaround note below); this action only reconciles the session and
     // the audit log with whatever the validators did.
     $reg = Zend_Registry::getInstance();
     $auth = Zend_Auth::getInstance();
     $appConfig = $reg->get("config");
     $sessionSettings = $appConfig['resources']['session'];
     Ml_Model_AntiAttack::loadRules();
     $credentialModel = Ml_Model_Credential::getInstance();
     $log = Ml_Model_Logger::getInstance();

     // Nothing to do for a visitor who is already signed in.
     if ($auth->hasIdentity()) {
         return $this->_forward("goback");
     }

     $req = $this->getRequest();
     $loginForm = $credentialModel->loginForm();
     // True when the anti-abuse rules require a captcha from this visitor.
     $captchaRequired = (bool) Ml_Model_AntiAttack::ensureHuman();

     if ($req->isPost()) {
         ignore_user_abort(true);
         // Workaround: the sign-in lives in the password validator, because
         // there was no way to run it after the captcha validator (short of
         // putting it first in the form, which looks wrong on screen) and
         // still get its result back. Consequently a valid form means
         // "already signed in", and an invalid form (e.g. wrong captcha) must
         // undo a sign-in the validator may already have done. Only relevant
         // when the captcha is required.
         if ($loginForm->isValid($req->getPost())) {
             $sessionModel = Ml_Model_Session::getInstance();
             // Both rememberMe() and ForgetMe() regenerate the session id, so
             // the id used before authentication is never carried over
             // (this is what defeats session fixation here).
             $rememberMe = $loginForm->getElement("remember_me")->isChecked();
             if ($rememberMe) {
                 Zend_Session::rememberMe($sessionSettings['cookie_lifetime']);
             } else {
                 Zend_Session::ForgetMe();
             }
             $sessionModel->associate($auth->getIdentity(), Zend_Session::getId());
             $log->log(array("action" => "login", "username" => $loginForm->getValue("username")));
             $this->_forward("goback");
         } else {
             // Drop any identity the validator chain may have established
             // before a later validator (the captcha) failed.
             if ($auth->hasIdentity()) {
                 $auth->clearIdentity();
             }
             $log->log(array("action" => "login_denied", "username" => $loginForm->getValue("username")));
             $this->view->errorlogin = true;
         }
     }

     // When the captcha is not (yet) required, hide the "missing value"
     // error so the first request that introduces the captcha field does
     // not show it as an error.
     $captchaElement = $loginForm->getElement("challenge");
     if (!$captchaRequired && is_object($captchaElement)) {
         $captchaElement->setErrorMessages(array("missingValue" => ''));
     }
     $this->view->loginform = $loginForm;
 }
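 /**
  * Handles a submitted login form.
  *
  * Resolves the typed name as an e-mail address first and as a profile
  * name second, authenticates through the application's auth adapter, and
  * only lets activated, non-hidden "user" profiles in. Every failure that
  * happens before the password check reports the same generic
  * "Invalid username or password" alert so the response does not reveal
  * which accounts exist.
  *
  * @param Zend_Form $form  login form; populated from $_POST
  * @return Zend_Form|null  the form (for re-rendering), or null when the
  *                         profile lookup rejected the submission
  */
 public function submitLoginForm($form)
 {
     if ($form->isValid($_POST)) {
         $Profiles = new Application_Model_Profiles();
         $name_input = $form->getValue('name');
         $password = $form->getValue('password');
         $remember_me = $form->getValue('remember_me');
         // Loose comparison kept on purpose: the element may yield '0' or
         // false depending on the form's filters -- TODO confirm and tighten.
         if ($remember_me == '0') {
             Zend_Session::ForgetMe();
         }
         // Lookup order: e-mail first, then profile name.
         $user_test = $Profiles->getProfileByField('email', $name_input);
         if (!isset($user_test)) {
             $user_test = $Profiles->getProfileByField('name', $name_input);
         }
         // Unknown account, wrong account type or missing e-mail all produce
         // the same generic alert (shown as a modal-covering alert).
         if (!isset($user_test) || $user_test->type != 'user' || !$user_test->email) {
             Application_Plugin_Alerts::error(Zend_Registry::get('Zend_Translate')->translate('Invalid username or password'), 'on');
             return;
         }
         $name = $user_test->name;
         $email = $user_test->email;

         $authAdapter = Application_Plugin_Common::getAuthAdapter();
         $authAdapter->setIdentity($email)->setCredential($password);
         $auth = Zend_Auth::getInstance();
         $authStorage = $auth->getStorage();
         $result = $auth->authenticate($authAdapter);
         if (!$result->isValid()) {
             // Wrong password: same generic alert as an unknown account.
             Application_Plugin_Alerts::error(Zend_Registry::get('Zend_Translate')->translate('Invalid username or password'), 'on');
             return $form;
         }

         // The checks below run only after a correct password, so their more
         // specific messages do not leak account state to anonymous probing.
         if (!$Profiles->isActivated($name)) {
             Application_Plugin_Alerts::error(Zend_Registry::get('Zend_Translate')->translate('Please activate your account first'), 'off');
             // The profile name is user-supplied at registration: encode it
             // for the URL path segment and escape the resulting URL for the
             // href attribute, because the alert is emitted as raw HTML.
             $base_url = Application_Plugin_Common::getFullBaseUrl();
             $resendactivation_link = $base_url . '/index/activate/resend/' . rawurlencode($user_test->name);
             $safe_link = htmlspecialchars($resendactivation_link, ENT_QUOTES, 'UTF-8');
             Application_Plugin_Alerts::info('<a href="' . $safe_link . '">' . Zend_Registry::get('Zend_Translate')->translate('Click here to resend the activation email') . '</a>', 'off', false);
             // authenticate() already stored the identity on success; drop it
             // so an unactivated account is not left logged in.
             Zend_Auth::getInstance()->clearIdentity();
         } elseif ($user_test->is_hidden) {
             Application_Plugin_Alerts::error(Zend_Registry::get('Zend_Translate')->translate('This account has been deleted or suspended'), 'off');
             // Force logout for the same reason as above.
             Zend_Auth::getInstance()->clearIdentity();
         } else {
             // Everything checks out: complete the login.
             $user_data = $authAdapter->getResultRowObject();
             Application_Plugin_Common::loginUser($user_data, $authAdapter, $authStorage);
             // Send the browser to the site root.
             Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector')->gotoUrl('');
         }
     }
     return $form;
 }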
 public function loginAction()
 {
     // Login form handler backed by Zend_Auth_Adapter_DbTable on the `users`
     // table. On success the user row (minus the password column) is written
     // to the auth storage, the remember-me lifetime is applied and the user
     // is sent either to the URL saved in the 'Nolotiro' session namespace or
     // to the home page for their woeid.

     //if the user is logged already redir to home
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         // NOTE(review): _redirect() is assumed to end the request here;
         // otherwise the form handling below would still run -- confirm.
         $this->_redirect('/' . $this->lang . '/woeid/' . $this->location . '/give');
     }
     $request = $this->getRequest();
     $form = $this->_getUserLoginForm();
     if ($this->getRequest()->isPost()) {
         if ($form->isValid($request->getPost())) {
             // StripTags also runs over the password, so a password containing
             // '<' is altered before hashing -- presumably harmless if
             // registration applied the same filter; verify.
             $f = new Zend_Filter_StripTags();
             $email = $f->filter($this->_request->getPost('email'));
             $password = $f->filter($this->_request->getPost('password'));
             //DDBB validation
             // setup Zend_Auth adapter for a database table
             // NOTE(review): the ini file is re-read on every login attempt and
             // the 'production' section is hard-coded.
             $readConf = new Zend_Config_Ini(APPLICATION_PATH . '/config/nolotiro.ini', 'production');
             $dbAdapter = Zend_Db::factory($readConf->resources->db);
             $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
             $authAdapter->setTableName('users');
             $authAdapter->setIdentityColumn('email');
             $authAdapter->setCredentialColumn('password');
             // Set the input credential values to authenticate against
             $authAdapter->setIdentity($email);
             // Credentials are compared as unsalted MD5 of the trimmed password.
             // NOTE(review): unsalted MD5 gives little protection against
             // offline cracking of a leaked table; moving to password_hash()/
             // password_verify() needs a schema and adapter change outside
             // this action.
             $authAdapter->setCredential(md5(trim($password)));
             //trim whitespaces from copy&pasting the pass from email
             // do the authentication
             $auth = Zend_Auth::getInstance();
             //check first if the user is activated (by confirmed email)
             // These extra WHERE clauses are literal SQL (no user input) and
             // make unconfirmed or locked accounts fail exactly like a wrong
             // password: same code path, same error message.
             $select = $authAdapter->getDbSelect();
             $select->where('active > 0');
             //check if the user is not locked (spammers, bad users, etc)
             $select->where('locked = 0');
             $result = $authAdapter->authenticate();
             if ($result->isValid()) {
                 // success: store database row to auth's storage
                 // system. (Not the password though!)
                 $data = $authAdapter->getResultRowObject(null, 'password');
                 $auth->getStorage()->write($data);
                 $woeid = $this->_helper->CheckWoeidUser->checkUserLogged($auth->getIdentity()->id);
                 $this->_helper->_flashMessenger->addMessage($this->view->translate('Welcome,') . ' ' . $auth->getIdentity()->username);
                 // NOTE(review): called after the storage write above; the
                 // session is presumably already started by then -- confirm
                 // the order is intentional.
                 Zend_Session::start();
                 //check if user wants to be remembered by 7 days
                 $seconds = 60 * 60 * 24 * 7;
                 // Loose comparison: the POST value is a string ("1") when the
                 // box is checked and null when absent.
                 if ($this->_request->getPost('rememberme') == "1") {
                     Zend_Session::RememberMe($seconds);
                 } else {
                     Zend_Session::ForgetMe();
                 }
                 //check the redir value if setted
                 // NOTE(review): $redir comes from the session, not from the
                 // request; whoever stores it should make sure it is a
                 // site-local path so this cannot become an open redirect --
                 // the writer is not visible here, confirm.
                 $aNamespace = new Zend_Session_Namespace('Nolotiro');
                 $redir = $aNamespace->redir;
                 if ($redir !== null) {
                     $aNamespace->redir = null;
                     //reset redir value
                     $this->_redirect($redir);
                 } else {
                     //if redir empty goto main home ads and set the welcome logged in message
                     $this->_redirect('/' . $this->lang . '/woeid/' . $woeid . '/give');
                 }
             } else {
                 // failure: wrong email, wrong password, unconfirmed or locked
                 // account -- deliberately indistinguishable to the client
                 $view = $this->initView();
                 $view->error = $this->view->translate('Wrong email or password, please try again');
             }
         }
     }
     // assign the form to the view
     $this->view->form = $form;
 }
 public function logoutAction()
 {
     // Ends the session: expires the Disqus helper cookies, drops the cached
     // favourites, forgets the remember-me cookie, destroys the session
     // (data and cookie) and sends the browser home.
     $expiredCookies = array(
         'jbdisqus[userid]',
         'jbdisqus[username]',
         'jbdisqus[token]',
         'jbdisqus[refresh]',
         'jbdisqus',
         'jsdisqus',
     );
     // An expiry of 1 (one second past the epoch) tells the browser to
     // discard the cookie; the "/" path has to match the path the cookie
     // was originally set with for that to take effect.
     foreach ($expiredCookies as $cookieName) {
         setcookie($cookieName, "", 1, "/");
     }
     unset($this->session->faves);
     \Zend_Session::ForgetMe();
     // destroy(true) removes the session cookie as well as the data.
     \Zend_Session::destroy(true);
     $this->_redirect('/');
 }
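 /**
  * Deletes a user account.
  *
  * Requires a logged-in caller and a `userId` parameter. Admin accounts
  * cannot be deleted. Deleting someone else's account requires admin
  * privileges; deleting one's own account additionally terminates the
  * current session and expires the login cookie. Responds with a JSON
  * [true, message] pair and renders no view.
  *
  * NOTE(review): getParam() accepts the id from GET as well as POST; a
  * CSRF token or POST-only guard is not visible in this action -- confirm
  * one exists upstream.
  *
  * @throws Zend_Exception when not logged in, the parameter is missing,
  *                        the user does not exist, or the user is an admin
  */
 public function deleteAction()
 {
     // Finish the deletion even if the client disconnects midway.
     ignore_user_abort(true);
     if (!$this->logged) {
         throw new Zend_Exception('Must be logged in');
     }
     $userId = $this->getParam('userId');
     if (!isset($userId)) {
         throw new Zend_Exception('Must set a userId parameter');
     }
     $user = $this->User->load($userId);
     if (!$user) {
         throw new Zend_Exception('Invalid user id');
     }
     if ($user->isAdmin()) {
         throw new Zend_Exception('Cannot delete an admin user');
     }
     // Authorization: only the account owner or an admin may delete.
     // requireAdminPrivileges() is assumed to abort the request otherwise.
     if ($this->userSession->Dao->getKey() != $user->getKey()) {
         $this->requireAdminPrivileges();
     } elseif (!$this->isTestingEnv()) {
         // Self-deletion: log out before the row disappears.
         session_start();
         $this->userSession->Dao = null;
         Zend_Session::ForgetMe();
         $request = $this->getRequest();
         // Expire the login cookie by dating it one month in the past. The
         // empty value replaces the previous null, which setcookie() no
         // longer accepts silently (deprecated since PHP 8.1). The Secure
         // flag follows the cookie_secure setting (default on); HttpOnly is
         // always set.
         $date = new DateTime();
         $interval = new DateInterval('P1M');
         $expiredAt = $date->sub($interval)->getTimestamp();
         $cookieSecure = (int) Zend_Registry::get('configGlobal')->get('cookie_secure', 1) === 1;
         setcookie(MIDAS_USER_COOKIE_NAME, '', $expiredAt, '/', $request->getHttpHost(), $cookieSecure, true);
     }
     $this->_helper->viewRenderer->setNoRender();
     $this->disableLayout();
     $name = $user->getFirstname() . ' ' . $user->getLastname();
     $this->User->delete($user);
     $message = 'User ' . $name . ' successfully deleted';
     $this->getLogger()->debug($message);
     echo JsonComponent::encode(array(true, $message));
 }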